Thanks
Many thanks to those who read and offered constructive comments regarding the pre-release version of this FAQ. In particular, many thanks to Walt Boyes & Jacques Chevron for their insightful comments and suggestions.
Current Version
This FAQ will be maintained in html format at http://www.accessnt.com.au/faqs/spam.htm
Distribution Policy
If you would like to mirror this FAQ on your site, please email me.
For many years now, the Internet community has attempted to come to grips with the potential threat to its peaceful existence and social dynamics created by Internet abuses. At the top of the list of Internet abuses is Unsolicited Email, otherwise known as UMail.
With very few exceptions, the practice of distributing bulk UMail is unacceptable, for a number of reasons, which are discussed below.
The purpose of this FAQ is to outline reasons why UMail is a menace to the Internet.
First, we will look at why Umail is an unacceptable practice because of the time, money, and bandwidth it wastes, and how it may also lead to loss or accidental deletion of email.
Secondly, we will look at steps you can take to avoid receiving UMail.
Thirdly, we will look at the arguments raised by spam marketers in support of Umail, and how they are generally flawed.
Finally, I have included a list of links to other Anti-UMail sites on the Internet.
Many Internet users, particularly those who use premier online services, such as AOL and CompuServe, are charged for each email message they receive. That is, the users pay to receive advertisements and other files, even though they did not request them. Most people consider that this is tantamount to theft by Internet advertisers.
Even users who access the Internet via Internet Service Providers ("ISPs") which do not charge per message received are out of pocket, as they must pay for the online time spent downloading email messages.
It may well be argued that it costs very little for those "additional seconds" required to download UMail. But if you were to add up the cost to the end user of those extra seconds over his or her Internet lifetime, it can amount to hundreds or thousands of dollars.
And if you multiply that figure out by the hundreds of thousands of people who already receive UMail (and the millions more who would if it became a standard practice), you will see some disturbing figures indeed!
Because of this, UMail differs from traditional junk mail, which is delivered to the householder or private boxholder at the advertiser's expense.
For example, if a company wanted to reach a wider audience, it might print a catalogue and have them delivered to all mailboxes in the surrounding area. The trader would pay the cost of having the catalogue printed (in itself a not insignificant cost) and delivered. The householder, however, pays nothing. Whilst they have the inconvenience of discarding the mailer, they are not charged each time one is received.
Mailouts in the "real world" involve a large financial outlay by the mailer. It costs money to have a quantity of materials printed. It costs money to have them delivered.
This financial factor acts as an effective restraint, ensuring that - at any time - the quantity of junk mail in "the real world" is limited.
Unfortunately, the outlays required for Umail aren't nearly as large in cyberspace. There are no printing costs - text is generated and distributed electronically. There are no delivery costs. Umail is delivered by the computers and protocols which comprise the Internet. As such, there are none of the financial limitations that exist in the real world to keep wholesale junk mailing at bay.
Most Internauts utilize email for business or personal use only. It is a medium through which suppliers, customers, colleagues & family can contact them quickly and efficiently. As such, they generally set aside time each day to read and respond to their email.
Umail occupies time which could otherwise be spent more profitably or constructively. Instead of getting on with the business of communicating with clients, suppliers & friends, users are spending an increasing amount of time weeding through their mailboxes deleting Umail. This wasted time will only increase should UMail become an accepted practice.
One of the main arguments proffered in support of UMail is that uninterested recipients can merely delete the email, with no harm done.
Wrong.
As mentioned above, it takes time and money to retrieve the email. It then takes further time to weed through your email, deciding what is and isn't UMail.
Granted, users might only be receiving a few UMails a day, and these might not take much time to deal with. However, should UMail receive widespread acceptance, you can expect much much more than a few messages a day. There are literally thousands of would-be marketers just champing at the bit, dying to send you email. For the average user, the number of UMail received would soon far outstrip mail from legitimate sources.
Finally, the time spent dealing with UMail is itself not insignificant, as the proponents would have you believe.
Marketers who engage in the practice already do not boldly proclaim that their message is an advertisement. There are no subject headers warning readers that the enclosed email is a marketing blurb.
Most UMail marketers realise that there is no value at all in simply sending junk email. They must take steps to ensure their copy is actually read by the recipient. Quite a number of means are employed to achieve this, ranging from vague or non-existent subject headers, to personalised headers which give the impression that the email message has been sent from a friend or a colleague.
It is quite rare that Umail is sent to a limited number of users. Instead, it is more likely that hundreds, if not thousands of users are on the recipients list of each UMail message sent. This adds an additional burden upon the already limited and strained bandwidth available to the Internet for legitimate use.
Next time you sit starting at the little hourglass as you try to connect to your favorite WWW site, or as you count down the minutes whilst waiting for a program to download, just try to imagine how much faster it might happen if there wasn't - at that exact time - hundreds of thousands of UMail messages flashing across the system looking for mailboxes to call home.
And then, do a quick mental calculation of how much that extra time saved would have reduced your online time, and therefore your online bill (given that you're probably paying for access by the hour).
Email is fast becoming an important fixture in the business world. Very soon it will be as important to business in the '90s as facsimile machines were in the '80s. Imagine your discomfort in explaining to a client that you missed his/her request for a quote etc. because you overlooked their email (or worse, deleted it in an overzealous UMail culling session). But then, you probably cannot imagine that happening just yet, but wait until the volume of UMail rises...
In most cases, your ISP only provides you with a limited amount of disk space within which your mailbox resides. Imagine your frustration at missing an email message from an important client because it was "bounced" as a result of your mailbox being too full or because you had exceeded your disk quota (caused by a shower of UMail).
Most Umail is generated by slick marketers and "get-rich-quick" types, who have little or no understanding of how to market to Internet users. Most are laboring under the misconception that number of messages = number of customers = $$$ profits, without any regard to whether the recipients of their email are actually interested with their products or services.
As such, there is very little to be gained in attempting to reason with them, nor is their any use in abusing them.
Instead, the best way to strike back at these people is to hit them where it hurts: at their Internet connection.
Most ISPs have very strict policies against the sending of unsolicited email, and will act very quickly to convince the offenders of the errors of their ways; either by imposing fines, issuing warnings or - in appropriate cases - denying them access to the Internet.
Here are the steps you should take when you receive unsolicited email:
I am compiling a list of email addresses set up by various ISPs which users should report UMail abuses to. If you have details of specific addresses, please email me
As mentioned, some of the above email addresses may not be correct (for example, a given ISP may not have set up an abuse account) in which case the email will be returned to you with an error message advising that there was no such user. But at least 1 or 2 of your email messages will find their way into a mailbox somewhere.
Often, those mailboxes will have autoreponders set up, which will send you a brief message confirming that your email has been received. The message will normally outline what steps will be taken to investigate your complaint, as well as provide human contact details (such as telephone and facsimile numbers) or more specific details on who to send future email messages to.
Many professional marketers and individuals who engage in the bulk emailing of unsolicited email are quite organised, often with their own Internet domain name and hardware (such as mail servers and a direct connection to the Internet). In these cases, it is unlikely that sending email to 'postmaster' etc at that site will remedy the problem.
On other occasions, the UMailer is quite aware that they will be annoying a large number of people with their activities, and so they attempt to hide their real identity to prevent a backlash. You'll easily pick the type. They use a business name, with no street address or email details. Often they list an answering service as a point of contact, or simply a PO Box.
In both these instances, a little bit of detective work is required to ascertain both who is behind the UMail, and where the most appropriate place to send your messages of complaint is.
Marketers who have their own Internet hardware etc. still need to have an "onramp' to the Internet somewhere, usually via one of the larger ISPs which provide backbone services. Equally, UMailers who try to conceal their identity by using false Reply-To addresses must gain access to the Internet to send the email.
Determining who provides the onramp services or the legitimate email address of the UMailer requires you to analyze the header information in the email you received. Most email programs will display email headers, either by default or upon request.
Here is an example:
Received: from mail.yoursite.com with ESMTP
id TAA07094 for ([email protected]);
Sat, 22 Jun 1996 19:37:52 +1000 (EST)
Received: from mail-gateway.AOL.com by spammer.com
(with SMTP id EAA25957; Sat, 22 Jun 1996 04:07:19 -0500 (CDT)
Message-Id: ([email protected])
From: "ILOVE2SPAM" ([email protected])
To: [email protected]
Date: Sat, 22 Jun 1996 02:55:24 +0000
From the above headers, we can trace (in reverse order) the mail being sent by [email protected], which passed through a mail server operated by AOL (mail-gateway.AOL.com) and then on to the mail server of your site (mail.yoursite.com) then to your account ([email protected])
As such, we can see that the UMailer in this example gains access to the Internet via AOL, and that they would be the best people to email with a report/complaint.
Equally, if the Umailer was using an online service to use the email, but they have configured their email software to give a bogus email address, you can often still track down their identity.
Look at the following headers for example:
Return-path: ([email protected])
Received: from mail.spammer.com
by mail.yoursite.com (PMDF V5.0-4 #10530)
id ([email protected]) for [email protected]; Sat,
28 June 1996 17:29:58 -0400 (EDT)
Received: (from looser@localhost) by mail.spammer.com
(8.6.12/8.6.12)
id RAA04330; Tue, 07 May 1996 17:29:57 -0400
Date: Tue, 07 May 1996 17:29:56 -0400 (EDT)
From: Sales ([email protected])
Subject: An offer too good to be true!
X-Sender: [email protected]
To: [email protected]
Message-id: (Elm.BSD/[email protected])
In the above example, we can see that the email purportedly comes from a user called [email protected] (in cyan text), but upon closer examination, it is revealed (by the Return-path, X-Sender & 1st Received Fields in red text) that it was in fact sent by a user called [email protected]
NB: The above examples are a fictional example only.
Once you have discovered who your spammer is, there are a number of ways to find out more about that person. The easiest way is to use a WWW-to-Finger Gateway service, which, after you provide the email address of the culprit, will provide you with the account details of the user (such as full name, company details etc).
Here are a few WWW-to-Finger Gateways:
 | Rickman's Web to Finger Gateway
| Doug's WWW-Finger Gateway
| HyperFinger
| |
A cautionary tale
Before you begin to wreak havoc & retribution on the lamer who sent the UMail, it is always wise to remember that there are some marketers out there who are very adept at Unix (or, at least, are smart enough to hire someone who is) and as such often go to great length to hide their identity.
It is quite simple to make an email message appear to come from someone else (that is, a legitimate Internet user) if you have access to the know-how and the right software.
The key to avoiding UMail is understanding where these UMailers get their list of email addresses.
The most obvious place is Usenet articles.
Each time you post or respond to an article in Usenet, all your contact details are included as part of the headers. Your name, email address, ISP and (occasionally) contact details are included.
These headers provide ripe picking grounds for UMailers.
It is quite a simple task for someone to harvest email addresses from Usenet. Many sites maintain archives of Usenet articles, often with search engines which allow users to search for articles of interest. Unfortunately, these search engines can also be used to search for email addresses.
Many unscrupulous ISPs make their Usenet databases available to spammers for a fee. Other Internet users have written programs specifically designed to trawl through Usenet in search of email addresses, making it very easy to collect hundreds of thousands of email addresses.
The other obvious resource for obtaining email addresses is mailing lists.
Most major mailing list programs allow users to enquire who is subscribed to a particular email list by simply sending an email message to the administrative account with one or two commands. In return for this minimal effort, the UMailer receives an email response which will include each subscribers' name & email address.
Other UMailers use their Web sites (or the Web sites of others) to collect email addresses. They generally offer free prizes or games, which users must register (by providing personal details, including email addresses) to become eligible to win or play. A well publicized competition etc. might net a list of thousands of email addresses, which can be sold and resold many times over.
Chilling? It gets even worse. Most Web sites now employ Java scripts, and other tactics, which can capture your email address without your permission. Most Web browsers will quite happily supply various details about you, such as your email address, ISP, region of origin and Operating System, when prompted by the Web site! All of this takes place in the background, whilst you are exploring the site. Not convinced? Click here.
So how do you avoid becoming just another email address on a list?
Well, there are a number of different actions for you to take:
Be Careful what information is given away!
First of all, take a closer look at your email, Usenet, Web browsing and other Internet software. When you first installed them you were no doubt prompted for specific information such as your name, email address etc. These details are stored by the program (usually in an .ini or configuration file) and are often automatically included in any postings, email messages etc. you may make.
Unless it is absolutely vitally important that people be able to respond to your messages etc., consider removing your email address and name from the user details. This will ensure that your information is not given out or obtained overtly.
Multiple Email Addresses
Equally, if privacy is of utmost importance to you, consider maintaining two or more Internet accounts.
For example, I have three different email addresses with different ISPs.
One I use as my "general purpose" account, which I use to subscribe to email lists and post Usenet articles. It is included as my contact address in articles, FAQs and books I have written.
This is very much a "public address". It is also the address to which all of the UMail I have received has been addressed.
I also have another address, which is given to my clients, and important business contacts. This account receives very little email (at least, in comparison to my public email address). Any email I receive at that account is given priority, because I know that it is from people I wish to hear from.
My third email account is very private, and only revealed to persons with whom I am working on special projects etc. with.
By having different "layers" of email, I am in a better position to monitor & filter my incoming email. I have configured my "public" email account to reject or delete email from "known" UMailers. When one slips through, their address is added to my kill file, never to be heard from again.
If you don't think your email address is widely known, here is a little test for you. Connect to any or all of the sites listed below, and search for yourself. You many be surprised by the results. I have found old email addresses which I used at Law School (and which have been dormant for over 5 years!).
| Four 11 Internet White Pages
| EMAIL.AU - The Australian Email Directory
| DejaNews - Usenet Search Engine
| Internet Address Finder
| net.citizen Directory Services
| Bigfoot
| NetFind
| World Email Directory
| |
It is possible to advertise via email without raising the hackles of Internet users.
This will be covered in a separate FAQ. Stay tuned for more details.
The proponents of Umail can be quite boisterous in their damnation of anyone who opposes their practice. If you follow any debate about UMail, there are several common arguments raised to support the practice. In this section, I will examine and rebut such arguments.
This is one of the more common arguments. Proponents assert that it only takes a few seconds to delete a piece of junk email. That is true. No one forces anyone to read junk email. Why not simply toss it away, like we do junk mail in our mailboxes?
Because this argument ignores several important factors:
Now, this one is always a goodie. It is said that the only people who complain about junk email are those who are bitterly opposed to the use of it as a marketing tool, or against the commercial use of the Internet in general.
Well, it almost begs the question.
If the proponents of UMail think it is a bona fides method of marketing which only a minority of Internet users disagree with, why is it then that:
These facts smack of an attempt by the UMailers to ensure that they avoid an anticipated backlash by Internet users. If it is such a benign form of marketing, why the pretense?
Quite a number of veteran Internet users take every step possible to report UMailers. Complaints are sent via email to their ISPs or, where they own their own equipment etc., to the company which provides them with an onramp to the Internet. These companies are usually very responsible, and take quick steps to ensure the UMailers are made aware that their activities are not welcome on the Internet.
Users who report UMailers are not acting as net.cops. They themselves have no power to cause a users' account to be canceled. Such actions are only taken by individual ISPs as an extreme measure against UMailers who refuse to accept that it is not an acceptable practice. The fact that such steps are taken by ISPs indicates that there is a widespread stance against UMail.
This is a particularly emotional position taken by the UMailers. However this position is not without its difficulties:
In any event, the right to freedom of speech does not amount to a right to be heard. There is a big difference between being able to stand on soapbox in Central Park and yell to your heart's content, and going from door to door yelling the same speech.
In the first scenario, those who do not wish to listen to your diatribe (for whatever reason) are able to move on and ignore you. In the second scenario, they do not have that choice. Similarly, UMail removes a user's choice to listen to you.
If you are a member of a number of email discussion lists and/or actively participate in a number of Usenet groups, chances are that your email address has made its way onto a UMailer's mailing list (if you want to check the likelihood of this happening, visit some of the Email Search Engines listed above).
If you have made it onto the lists, then you probably only receive a handful of junk email messages a week (10 is the highest I have received in a week).
UMail proponents cite this as grounds to rebuff arguments by those opposing UMail that if it became a widespread practice, our mailboxes would be flooded with unsolicited email. If UMail was so easy and cheap to send, why have we not experienced a tidal wave of email already they ask?
It is true that the level of UMail at present is quite small, when compared with the amount of unsolicited advertising we receive in "the real world". However, if junk emailers get even a sniff of acceptance, then let me assure you the volume would rise.
The cost of collecting email addresses and sending bulk UMail pales in comparison with the cost of sending junk mail in the real world (as noted above). If real world costs don't stop junk advertisers from cramming your Post Office box with junk each week, then what on earth is going to stop them on the Internet, where it is much, much cheaper?
The only thing keeping UMail levels down to a small murmur at the moment is the realization on the part of the UMail that if they get caught, they will receive a flood of angry complaints. To avoid this backlash, they have to resort to covert tactics to minimize the chances of being caught, which takes time and money, and is a general disincentive from engaging in the act altogether. Remove that fear of backlash, remove those final restraints, and your email box won't know what hit it.
This FAQ is constantly being updated. If you have any comments, or suggested additions, please email me.